[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 19 08:12:55 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c1ae530 by security tracker role at 2025-12-19T08:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2025-68491
+ REJECTED
+CVE-2025-68490
+ REJECTED
+CVE-2025-68489
+ REJECTED
+CVE-2025-68488
+ REJECTED
+CVE-2025-68487
+ REJECTED
+CVE-2025-68486
+ REJECTED
+CVE-2025-68485
+ REJECTED
+CVE-2025-68484
+ REJECTED
+CVE-2025-68483
+ REJECTED
+CVE-2025-68422 (Improper Authorization (CWE-285) in Kibana can lead to privilege escal ...)
+ TODO: check
+CVE-2025-68398 (Weblate is a web based localization tool. In versions prior to 5.15.1, ...)
+ TODO: check
+CVE-2025-68390 (Allocation of Resources Without Limits or Throttling (CWE-770) in Elas ...)
+ TODO: check
+CVE-2025-68389 (Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...)
+ TODO: check
+CVE-2025-68388 (Allocation of resources without limits or throttling (CWE-770) allows ...)
+ TODO: check
+CVE-2025-68387 (Improper neutralization of input during web page generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68386 (Improper Authorization (CWE-285) in Kibana can lead to privilege escal ...)
+ TODO: check
+CVE-2025-68385 (Improper neutralization of input during web page generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68384 (Allocation of Resources Without Limits or Throttling (CWE-770) in Elas ...)
+ TODO: check
+CVE-2025-68383 (Improper Validation of Specified Index, Position, or Offset in Input ( ...)
+ TODO: check
+CVE-2025-68382 (Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker ...)
+ TODO: check
+CVE-2025-68381 (Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unaut ...)
+ TODO: check
+CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to 5.15.1, ...)
+ TODO: check
+CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...)
+ TODO: check
+CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before 2025-11-15 a ...)
+ TODO: check
+CVE-2025-67845 (A Directory Traversal vulnerability in the Static Asset Proxy Endpoint ...)
+ TODO: check
+CVE-2025-67844 (The GitHub Integration API in Mintlify Platform before 2025-11-15 allo ...)
+ TODO: check
+CVE-2025-67843 (A Server-Side Template Injection (SSTI) vulnerability in the MDX Rende ...)
+ TODO: check
+CVE-2025-67842 (The Static Asset API in Mintlify Platform before 2025-11-15 allows rem ...)
+ TODO: check
+CVE-2025-67653 (Advantech WebAccess/SCADAis vulnerable to directory traversal, which m ...)
+ TODO: check
+CVE-2025-67163 (A stored cross-site scripting (XSS) vulnerability in Simple Machines F ...)
+ TODO: check
+CVE-2025-66522 (A stored cross-site scripting (XSS) vulnerability exists in the Digita ...)
+ TODO: check
+CVE-2025-66521 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
+ TODO: check
+CVE-2025-66520 (A stored cross-site scripting (XSS) vulnerability exists in the Portfo ...)
+ TODO: check
+CVE-2025-66519 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
+ TODO: check
+CVE-2025-66502 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
+ TODO: check
+CVE-2025-66501 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
+ TODO: check
+CVE-2025-66500 (A stored cross-site scripting (XSS) vulnerability exists in webplugins ...)
+ TODO: check
+CVE-2025-66499 (A heap-based buffer overflow vulnerability exists in the PDF parsing o ...)
+ TODO: check
+CVE-2025-66498 (A memory corruption vulnerability exists in the 3D annotation handling ...)
+ TODO: check
+CVE-2025-66497 (A memory corruption vulnerability exists in the 3D annotation handling ...)
+ TODO: check
+CVE-2025-66496 (A memory corruption vulnerability exists in the 3D annotation handling ...)
+ TODO: check
+CVE-2025-66495 (A use-after-free vulnerability exists in the annotation handling of Fo ...)
+ TODO: check
+CVE-2025-66494 (A use-after-free vulnerability exists in the PDF file parsing of Foxit ...)
+ TODO: check
+CVE-2025-66493 (A use-after-free vulnerability exists in the AcroForm handling of Foxi ...)
+ TODO: check
+CVE-2025-66174 (There is an improper authentication vulnerability in some Hikvision DV ...)
+ TODO: check
+CVE-2025-66173 (There is a privilege escalation vulnerability in some Hikvision DVR pr ...)
+ TODO: check
+CVE-2025-65046 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2025-65041 (Improper authorization in Microsoft Partner Center allows an unauthori ...)
+ TODO: check
+CVE-2025-65037 (Improper control of generation of code ('code injection') in Azure Con ...)
+ TODO: check
+CVE-2025-64677 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2025-64676 ('.../...//' in Microsoft Purview allows an authorized attacker to exec ...)
+ TODO: check
+CVE-2025-64675 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2025-64663 (Custom Question Answering Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-63951 (An insecure deserialization vulnerability exists in the rss-mp3.php sc ...)
+ TODO: check
+CVE-2025-63950 (An insecure deserialization vulnerability exists in the download.php s ...)
+ TODO: check
+CVE-2025-63949 (A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel ...)
+ TODO: check
+CVE-2025-63948 (A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the ...)
+ TODO: check
+CVE-2025-63947 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAd ...)
+ TODO: check
+CVE-2025-62004 (BullWall Server Intrusion Protection services are initialized after lo ...)
+ TODO: check
+CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable delay before the ...)
+ TODO: check
+CVE-2025-62002 (BullWall Ransomware Containment relies on the number of file modificat ...)
+ TODO: check
+CVE-2025-62001 (BullWall Ransomware Containment contains excluded file paths, such as ...)
+ TODO: check
+CVE-2025-62000 (BullWall Ransomware Containment does not entirely inspect a file to de ...)
+ TODO: check
+CVE-2025-59529 (Avahi is a system which facilitates service discovery on a local netwo ...)
+ TODO: check
+CVE-2025-53710 (Due to a product misconfiguration in certain deployment types, it was ...)
+ TODO: check
+CVE-2025-52692 (Successful exploitation of the vulnerability could allow an attacker w ...)
+ TODO: check
+CVE-2025-46268 (Advantech WebAccess/SCADA is vulnerable to SQL injection, which may al ...)
+ TODO: check
+CVE-2025-34452 (Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 con ...)
+ TODO: check
+CVE-2025-34451 (rofl0r/proxychains-ng versions up to and including 4.17 and prior to c ...)
+ TODO: check
+CVE-2025-34450 (merbanan/rtl_433 versions up to and including 25.02 and prior to commi ...)
+ TODO: check
+CVE-2025-34449 (Genymobile/scrcpy versions up to and including 3.3.3 and prior to comm ...)
+ TODO: check
+CVE-2025-14940 (A vulnerability was determined in code-projects Scholars Tracking Syst ...)
+ TODO: check
+CVE-2025-14939 (A vulnerability was found in code-projects Online Appointment Booking ...)
+ TODO: check
+CVE-2025-14910 (A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts th ...)
+ TODO: check
+CVE-2025-14909 (A weakness has been identified in JeecgBoot up to 3.9.0. The impacted ...)
+ TODO: check
+CVE-2025-14908 (A security flaw has been discovered in JeecgBoot up to 3.9.0. The affe ...)
+ TODO: check
+CVE-2025-14900 (A security vulnerability has been detected in CodeAstro Real Estate Ma ...)
+ TODO: check
+CVE-2025-14899 (A weakness has been identified in CodeAstro Real Estate Management Sys ...)
+ TODO: check
+CVE-2025-14898 (A security flaw has been discovered in CodeAstro Real Estate Managemen ...)
+ TODO: check
+CVE-2025-14897 (A vulnerability was identified in CodeAstro Real Estate Management Sys ...)
+ TODO: check
+CVE-2025-14850 (Advantech WebAccess/SCADAis vulnerable to directory traversal, which m ...)
+ TODO: check
+CVE-2025-14849 (Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, w ...)
+ TODO: check
+CVE-2025-14848 (Advantech WebAccess/SCADA is vulnerable to absolute directory traversa ...)
+ TODO: check
+CVE-2025-14733 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may all ...)
+ TODO: check
+CVE-2025-14546 (Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cr ...)
+ TODO: check
+CVE-2025-14449 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-14267 (Incomplete removal of sensitive information before transfer vulnerabil ...)
+ TODO: check
+CVE-2025-13999 (The HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, MP3 & Audi ...)
+ TODO: check
+CVE-2025-13941 (A local privilege escalation vulnerability exists in the Foxit PDF Rea ...)
+ TODO: check
+CVE-2025-13911 (The vulnerability affects Ignition SCADA applications where Python sc ...)
+ TODO: check
+CVE-2025-13754 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+ TODO: check
+CVE-2025-13427 (An authentication bypass vulnerability in Google Cloud Dialogflow CX M ...)
+ TODO: check
+CVE-2025-13307 (The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to ...)
+ TODO: check
+CVE-2025-13008 (An information disclosure vulnerability in M-Files Server before versi ...)
+ TODO: check
+CVE-2025-11774 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
CVE-2025-14876
- qemu <unfixed>
NOTE: https://lore.kernel.org/qemu-devel/20251214090939.408436-1-zhenwei.pi@linux.dev/T/#u
@@ -83,6 +273,7 @@ CVE-2025-64236 (Authentication Bypass Using an Alternate Path or Channel vulnera
CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template function i ...)
+ {DSA-6079-1 DSA-6073-1}
- ffmpeg 7:7.1.3-1
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/0c6b7f9483a38657c9be824572b4c0c45d4d9fef (master)
@@ -844,7 +1035,7 @@ CVE-2025-14759 (Missing cryptographic key commitment in the Amazon S3 Encryption
NOT-FOR-US: Amazon
CVE-2025-14319
REJECTED
-CVE-2025-14318 (Improper access checks in M-Files Server before 25.12 allows users to ...)
+CVE-2025-14318 (Improper access checks in M-Files Server before 25.12.15491.7 allows u ...)
NOT-FOR-US: M-Files
CVE-2025-14314 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
@@ -10385,7 +10576,7 @@ CVE-2025-12394 (The Backup Migration WordPress plugin before 2.0.0 does not prop
NOT-FOR-US: WordPress plugin
CVE-2024-14015 (The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-54515 (The Secure Flag passed to Versal\u2122 Adaptive SoC\u2019s Arm\xae Tru ...)
+CVE-2025-54515 (The Secure Flag passed to Versal\u2122Adaptive SoC\u2019s Trusted Firm ...)
NOT-FOR-US: AMD
CVE-2025-48507 (The security state of the calling processor into Arm\xae Trusted Firmw ...)
NOT-FOR-US: AMD
@@ -564513,7 +564704,7 @@ CVE-2019-3865 (A vulnerability was found in quay-2, where a stored XSS vulnerabi
NOT-FOR-US: Quay
CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...)
NOT-FOR-US: Quay
-CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a multip ...)
+CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1 creating a vulnerability on t ...)
{DSA-4431-1 DLA-1730-1}
- libssh2 1.8.0-2.1 (bug #924965)
NOTE: https://www.libssh2.org/CVE-2019-3863.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c1ae530eddb0419566ac6c6654ee6f6756dfbc2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c1ae530eddb0419566ac6c6654ee6f6756dfbc2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251219/0411f979/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list